Yesterday was spent huddled up in a Docklands hotel in London, discussing issues of identity management. The Whitehall Media IDM2008 event brought together public and private sector experts to talk about the big, and little, challenges of identity assurance in today’s IT infrastructures.
From document management to remote access, compliance to shiny web 2.0 style portals, identity management is central to running a secure and efficient IT infrastructure. All the more distressing that it is also one of the most problematic elements of business IT architectures, with forests of directory trees and multiple ‘authoritative’ information sources. Now is the time to get that sorted out.
Dr. Hellmuth Broda, from the Liberty Alliance, talked about their efforts to standardize mechanisms across the industry. Questions from the floor challenged their ability to do that, with big names like IBM and Microsoft missing from the project. That said, they are re-using existing standards, rather than creating their own, so that may not be such a barrier. Kerberos received frequent mentions. This near-ancient, standards-based security protocol continues to feature, even in the upcoming Windows 7 security (read this introduction to Kerberos for more). It is a good technology that works well and is network friendly.
There were some impressive projects discussed during the day. Glow is a project for the Scottish educational system that supports millions of users on a national schools intranet, with up to 250,000 individuals authenticating at peak times. It has proved that directory technologies can work at scale while still being very feature rich - it supports users belonging to dozens of groups and holding overlapping roles.
A number of vendors were on hand to discuss their products: integration products from Salford Software and Quest Software, server software from Sun Microsystems, and professional services and consulting from the likes of DNS, Logica and PA Consulting Group.
Dormant unused accounts are a potential security hazard, while password resets are a massive resource sink - figures quoted suggested that a password reset costs an average of £50 in lost time and accounts for over 40% of all help desk calls. Getting user identity under control is a critical business governance task, and makes good commercial sense for any company from medium-sized upwards.
For me, the most insightful comment of the day came from Alan Coburn of identity management specialists DNS, who said this: “Don’t treat an identity management project like just another IT project. Identity management projects are business transformation projects.”
If you want to dig into Identity Management in more detail, I recommend checking out Kim Cameron’s identity blog, starting with his introduction.

